The Bureau of Industry and Security would welcome additional authority to limit the extent to which major cloud service providers can make computing power available to Chinese entities, in efforts to close what appears to be a loophole in the exercise of its export control regime for artificial intelligence.
“One area where we're looking in this regard is cloud computing,” Thea Kendler, assistant secretary for export administration at the Department of Commerce, told members of the House Foreign Affairs Committee’s panel on accountability and oversight during a Dec. 12 hearing.
Kendler was responding to a question from Rep. Darrell Issa (R-CA) who raised reports that China had managed to produce computer chips used in the development of artificial intelligence despite Commerce imposing export controls on “certain advanced computing and semiconductor manufacturing items” in 2022.
Commerce added to those controls on Oct. 13, with a request for comment. Over the summer, media reports and legislation had surfaced highlighting the possibility that Chinese entities were getting around the Commerce Department’s ban on U.S. companies exporting the chips there by simply accessing the necessary computing power via the cloud.
“Congress can give you greater authority? What is it you don't have?” Issa asked, later adding “Why worry about making AI when you can get the fruit of AI for your development online?”
“It is a concern,” Kendler said. “Certainly companies are looking at it not just from a business perspective, but also from a national security perspective. And we're grateful for that. But it may be a space where we need additional authority.”
In July, Rep. Jeff Jackson (D-NC) introduced the “Closing Loopholes for the Overseas Use and Development of Artificial Intelligence Act” which would explicitly instruct the Commerce secretary to “prohibit United States persons and United States subsidiaries from providing support for the remote use or cloud use of any integrated circuit” meeting certain specifications to China.
“We are all of us trying to figure out in an AI world, how you apply the historic export controls, because it's not going to be chips, it's going to be learning capability in the near future,” said Issa, who is not signed on to that particular bill.
Tim Fist, a fellow with the technology and national security program at the Center for New American Security, told Inside AI Policy know-your-customer style requirements laid out in the Oct. 30 executive order on artificial intelligence for “dual-use foundational models” would be an important precursor for applying export controls aimed at limiting China’s development of AI for military applications to the cloud.
“Creating those kinds of know your customer requirements above some threshold of computation usage is almost certainly a good idea, just for getting visibility about how big a deal would we expect this to be. Are Chinese developers actually seeking to use U.S. cloud services for large-scale AI training and deployments? And how can we sort of get better at detecting when a Chinese user accessing those Cloud Services has links to military intelligence end users?” he said, adding, “I would support giving BIS powers to control the cloud but I would only want that to happen in particular cases.”
Fist said there are some factions pushing for a wholesale ban of all AI-related supply chain elements being exported to China -- whether chips or cloud -- and others, like himself, advocating a more “surgical” approach that would include thresholds similar to those identified in the executive order.
But, “in either world,” he said, “controls are getting expanded and companies won’t like it.”